[jcifs] Davenport - Domain Authentication Problems

Eric eglass1 at comcast.net
Sat Apr 17 10:26:09 GMT 2004 

> alwaysAuthentication – true
> jcifs.smb.client.domain – DOMAIN
> jcifs.http.domainController – 10.0.0.1
> jcifs.smb.lmCompatibility – 0
> jcifs.http.enableBasic – true
> jcifs.http.insecureBasic – false
> 
> When I first open the Davenport URL (http://127.0.0.1/davenport), I am 
> prompted for a username/password.  The username/password I use is a 
> domain account contained in the active directory.  At this point, it 
> appears to authenticate with server: 0.0.0.0<00>/10.0.0.1.   This 
> appears fine, and the domain list is displayed.
> 
> When I click the domain link, I am not prompted for a 
> username/password.  Authentication happens against server: 
> DOMAINNAME<1D>/10.0.0.1, and a list of all servers in the domain is 
> presented.
> 
> Now, the problem.  When I click a specific server, I am not prompted for 
> a username/password.  Authentication happens against server:  
> SERVERNAME<20>/10.0.0.7 and no shares/files etc. are listed even though 
> the domain user has permission to shares on said server.
>
> It appears that the share list is not presented because I attempted to 
> authenticate a user against the server itself, and the user does not 
> exist on said server.  If I create a user on the server with the same 
> username/password, the shares are presented properly.  This leads to a 
> couple questions:
> 
> 1.  Is there a way to force all authentication to happen at the domain 
> level?
> 

If you have a packet trace from the davenport server, it would help to 
determine what exactly is occuring over the wire (if you send one, send 
it to me directly rather than the list).  What client are you using? 
 From your config, only NTLM will be offered, unless the connection is 
over HTTPS; then both NTLM and Basic should be presented.  The Web 
Folders client will use NTLM in either case; so if you're getting 
prompted you would need to enter "DOMAIN\username" for the username (the 
Basic handler in Davenport can append a default domain, but NTLM just 
takes whatever the client sends).  You can try setting "enableNtlm" to 
false to just use Basic; if you do so you may also need to set 
"jcifs.http.insecureBasic" to true (or else no authentication will 
happen over non-HTTPS connections).

> 2.  If authentication fails, should I not get a pop-up window asking for 
> new credentials?
> 

You should get a prompt if an access denied error occurs; I'd have to 
see a packet trace to be sure, but my guess (off the top of my head) 
would be the server is allowing the connection and just doesn't list any 
shares.

Does it work if you access the share directly (i.e. 
http://127.0.0.1/davenport/server/share/)?

More information about the jcifs mailing list